GDPR POLICY

Who are we?

We are Rotherhithe Residential Management Ltd of Accounts Office, Pacific Wharf, 165
Rotherhithe Street, London SE16 5QF

What do we do?

We have been appointed by your Management Company or Landlord to manage the
common areas of your block of flats.

What is our role under the General Data Protection Regulation (GDPR)?

We consider ourselves to be the Data Processor & Controller. Both the Data Controller
and the Data Processor are subject to the Office of the Information Commissioner, the
Supervisory Authority.
Information Commissioner’s Office Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
tel : 0303 123 1113
casework@ico.org.uk
https://ico.org.uk

Where did we get your data?

Originally your data was received from either the previous managing agent, the
directors of your Management Company or your solicitor on purchase (unless you
provided it to us yourself). Subsequently any data received by us was through the
Data Controller or directly from you or another Data Processor for the purposes
described below.

What is the purpose of processing your data?

Your property is subject to a lease to which you, the Data Subject, and your
Management Company or Landlord are party to. We have been appointed by your
Management Company or Landlord to administer the covenants of that lease. This
involves maintaining accounts, administration, and common area matters.

What is the lawful basis for this processing?

1. Processing is necessary for the performance of a contract to which the Data
Subject is party [Article 6 GDPR (1)b].
2. Processing is necessary for compliance with a legal obligation to which the Data
Controller is subject [Article 6 GDPR (1)c]. In this instance the Management Company is
required by the Companies Act 2006 to maintain adequate accounting records and a
list of members past and present.
3. Processing is necessary under a legitimate interest.

What type of data do we keep?

• Names
• Addresses
• Email addresses
• Phone number
• Details of interested parties
• Key holder names
• Key holder email addresses
• Key holder phone numbers
• Tenant names
• Tenant email addresses
• Tenant phone numbers
• Other general contact information
• Payment comments/details
• Transaction details

Where is this data stored?

This data is stored in a database provided by Resident Block Management software.
Access is only granted to administrators associated with our office.

Who is this data shared with?

From time to time we may share your data with the following categories of persons for
a specific purpose:
• Accountants
• Solicitors
• Insurers, Insurance Brokers and Loss Adjusters
• Contractors (including maintenance contractors)
• Regulatory Authorities

How long will the data be stored?

Your data will be maintained by us for as long as our appointment exists or for as long
as required by Statute or for as long as Lawfulness of Processing can be established
without consent.

What if you sell the property?

Where the Lessor is a Company, there is still an obligation on the Data Controller to
main adequate accounting records, and a list of past and present members. However,
if you sell the property only your name, address and transaction details are necessary
to satisfy this requirement. All other contact details are erased.

What are your rights?

• You have a right to be informed.
• You may request a copy of your data stored.
• You may request correction to any erroneous data.
• You may request deletion of data, if not in violation of statutory or contractual
requirements.
• You may request a restriction on processing.
• You may lodge a complaint to the controller or object to processing.
• You may lodge a complaint to the Supervisory Authority.
• You may withdraw consent if processing originally required consent.

What happens in the event of a Data Breach?

In the case of a data breach, the Data Controller shall without undue delay and, where
feasible, not later than 72 hours after having become aware of it, notify the personal
data breach to the Supervisory Authority and Data Subject, if the personal data
breach is likely to result in a risk to the rights and freedoms of natural persons.
Changes to this Notice
This Policy may be subject to change, and we will notify you of any changes.